The IT infrastructure of an organization encompasses many key processes, functions, and roles. It is important to maintain a checks-and-balances approach so that no one person has complete control over any single process. Both the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act emphasize separation of duties as a required control over IT functions.
Separation of duties serves two purposes, both of which reduce risk within an organization. First, it prevents fraud, errors, and abuse of systems and processes, because no single person can both perform a sensitive action and conceal it. Second, it aids in the discovery of control failures such as theft of information, data breaches, and circumvention of security controls, because a second, independent party reviews or approves the work.
Separation of duties ensures that the person developing a security application is not the same person who tests it. It ensures that the person creating a new security rule is not the same person who approves it. The person who approves a new policy should not be the person who wrote it. And no one should be allowed to audit their own activities.